Last-minute presentations:
10:40 - 11:10 Brazil: land of plentiful bankers, Dmitry Bestuzhev, Kaspersky Lab
11:10 - 11:40 iPhone v3 malware vector, Marius van Oers, McAfee
10:40 - 11:10 Brazil: land of plentiful bankers, Dmitry Bestuzhev, Kaspersky Lab
Anyone who has analysed the code of malicious programs designed to steal users' banking information will probably agree
that Brazil is one of the most active countries and the source of the largest number of so-called banking trojans. Why
is Brazil the leader when it comes to creating this type of malware? Who is behind these crimes, and what is a typical
cybercriminal like?
Certain social aspects of the country are one of the factors which encourage the growth of such crimes. What are the
connections between Delphi, the programming language in which the majority of samples are written, the cybercriminals and
the social factors that surround them?
The biggest banks in Brazil are Banco do Brasil, with a total of 7,900,000 online banking clients; Bradesco, with
6,900,000 online banking clients; Itaú, with 4,200,000 online banking clients; and Caixa, with 3,690,000 online banking
clients. How do these banks ensure that client transactions are secure? Often a special plug-in, G-Buster, has to be
installed before a client can access the bank's main page; this plug-in is designed to prevent malicious code from
running on the client machine while authorization is being performed or a transaction is being made. What additional security
mechanisms are used? How do cybercriminals combat these mechanisms? Several examples will be given of the methods used
by cybercriminals.
Which social networking sites are commonly used by virus writers to steal banking data? Which malicious programs that
are not, strictly speaking, banking trojans, are used to steal money? Where is stolen data stored and in what form? Which
bank's clients suffer from the greatest number of attacks and why? And finally, taking a look beyond the official
explanations, who's actually behind the Brazilian bankers, and where does the money go?
This presentation answers the questions above, and many others. All information in the presentation was collected in the
course of personal research while living in Latin America.
11:10 - 11:40 iPhone v3 malware vector, Marius van Oers, McAfee
The Apple iPhone is very popular and is available globally. With the appearance of v3 of the iPhone OS, many powerful
new features have been added.
It was already possible to access the AddressBook from the Apple iPhone SDK. Now, with the recently released v3.0b, it
is also possible to create (HTML) email messages, setting the Subject and the TO/CC/BCC recipients, and it is even
possible to include file attachments. It is now also possible to query the network configuration and/or check whether a
certain target host is reachable.
Malware might abuse these combined features.
This paper takes a look at what new features have been added in iPhone OS 3 and what possible new malware attack
vectors could arise from them.